Details of VAR-202011-0217

ID

VAR-202011-0217

CVE

CVE-2020-11175

TITLE

plural Qualcomm Product Free Memory Usage Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013201

DESCRIPTION

u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P. plural Qualcomm The product contains a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Qualcomm QCS605, etc. are all products of Qualcomm. QCS605 is a central processing unit (CPU) product. Qualcomm MSM8909W is a central processing unit (CPU) product. These are the products of individual developers. It is a javascript code library for managing objects and class loading order. Qualcomm QM215 is a central processing unit. Qualcomm SA6155 is a central processing unit. Qualcomm QCS605 is a central processing unit. Qualcomm APQ8009W is a central processing unit. Qualcomm Bluetooth HOST has a resource management error vulnerability, which stems from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 2.16

sources: NVD: CVE-2020-11175 // JVNDB: JVNDB-2020-013201 // CNNVD: CNNVD-202011-155

IOT TAXONOMY

category:	['other device', 'embedded device']	sub_category:	SoC	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx50m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6350	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7250p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr2130p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm1000	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr2130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1120	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7225	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	sa8155p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sdm 710	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sdm 670	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa6155	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qm215	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8009w	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa6155p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sda855	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013201 // NVD: CVE-2020-11175

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11175
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-11175
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-155
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-11175
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-11175
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-11175
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-013201 // CNNVD: CNNVD-202011-155 // NVD: CVE-2020-11175

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.0
problemtype:	Use of freed memory (CWE-416) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013201 // NVD: CVE-2020-11175

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-155

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202011-155

PATCH

title:	November 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/november-2020-security-bulletin	Trust: 0.8
title:	Multiple Qualcomm Product resource management error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134012	Trust: 0.6

sources: JVNDB: JVNDB-2020-013201 // CNNVD: CNNVD-202011-155

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11175	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013201	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-155	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-013201 // CNNVD: CNNVD-202011-155 // NVD: CVE-2020-11175

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11175	Trust: 1.4
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-november-2020-33773	Trust: 0.6
url:	https://www.qualcomm.com/company/product-security/bulletins/november-2020-security-bulletin	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-013201 // CNNVD: CNNVD-202011-155 // NVD: CVE-2020-11175

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2020-013201
db:	CNNVD	id:	CNNVD-202011-155
db:	NVD	id:	CVE-2020-11175

LAST UPDATE DATE

2025-01-30T20:58:42.007000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-013201	date:	2021-06-21T09:03:00
db:	CNNVD	id:	CNNVD-202011-155	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-2020-11175	date:	2024-11-21T04:57:03.687

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-013201	date:	2021-06-21T00:00:00
db:	CNNVD	id:	CNNVD-202011-155	date:	2020-11-02T00:00:00
db:	NVD	id:	CVE-2020-11175	date:	2020-11-12T10:15:12.513